Course Overview
This course provides students with the advanced knowledge, skills, and hands-on experience needed to deploy, manage, and monitor existing Quantum Security Environments. Students will learn how to deploy Management High Availability, provide advanced policy management, configure Site-to-Site VPN, provide advanced security monitoring, upgrade a Security Gateway, use Central Deployment tool to install hotfixes, perform an import of a Primary Security Management Server, and Deploy ElasticXL Cluster.
Who should attend
- Security Engineers
- Security Analysts
- Security Consultants
- Security Architects
Prerequisites
Base Knowledge
- Unix-like and/or Windows OS
- Internet Fundamentals
- Networking Fundamentals
- Networking Security
- System Administration
- TCP/IP Networking
- Text Editors in Unix-like OS
- Minimum of 6-months of practical experience with the management of a Quantum Security Environment
Outline: Check Point Certified Security Expert (CCSE)
Module 1: Management High Availability
- Explain the purpose of Management High Availability
- Identify the essential elements of Management High Availability
Lab Tasks:
- Deploy and configure Management High Availability
- Ensure the failover process functions as expected
Module 2: Advanced Policy Management
- Identify ways to enhance the Security Policy with more object types
- Create dynamic objects to make policy updatable from the Gateway
- Manually define NAT rules
- Configure Security Management behind NAT
Lab Tasks:
- Use Updatable Objects
- Configure Network Address Translation for server and network objects
- Configure Management behind NAT for Branch Office connections
Module 3: Site-to-Site VPN
- Discuss site-to-site VPN basics, deployment, and communities
- Describe how to analyze and interpret VPN tunnel traffic
- Articulate how pre-shared keys and certificates can be configured to authenticate with third-party and externally managed VPN Gateways
- Explain Link Selection and ISP Redundancy options
- Explain tunnel management features
Lab Task:
- Configure Site-to-Site VPN with internally managed Security Gateways
Module 4: Advanced Security Monitoring
- Describe the SmartEvent and Compliance Blade solutions, including their purpose and use
Lab Tasks:
- Configure a SmartEvent Server to monitor relevant patterns and events
- Demonstrate how to configure Events and Alerts in SmartEvent
- Demonstrate how to run specific SmartEvent reports
- Activate the Compliance Blade
- Demonstrate Security Best Practice settings and alerts
- Demonstrate Regulatory Requirements Compliance Scores
Module 5: Upgrades
- Identify supported upgrade options
Lab Task:
- Upgrade a Security Gateway
- Use Central Deployment tool to install Hotfixes
Module 6: Advanced Upgrades and Migrations
- Export/import a Management Database
- Upgrade a Security Management Server by freshly deploying the new release or using a new appliance
Lab Task:
- Prepare to perform an Advanced Upgrade with Database Migration on the Primary Security Management Server in a distributed environment
- Perform an import of a Primary Security Management Server in a distributed Check Point environment
Module 7: ElasticXL Cluster
- Describe the ElasticXL Cluster solution, including its purpose and use
Lab Tasks:
- Deploy an ElasticXL Security Gateway Cluster